Overview

overview

10

Static

static

10

2024-11-20...ce.exe

windows7-x64

10

2024-11-20...ce.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-11-2024 16:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-20_14f5051ecc9450a95e52a1cec038cc9f_polyvice.exe

  • Size

    10.5MB

  • MD5

    14f5051ecc9450a95e52a1cec038cc9f

  • SHA1

    7b3cd491f6f83250fe894b9ad55071996494182d

  • SHA256

    6d61a9b4a24f4d4519b5e4de3ab3e9f1efdc67a5df1d721b1052402b1b5ea109

  • SHA512

    b11b9598848ef5d0c239243202ef2f7dbe80e1ba3ede26296989a94e992cbefde744b371364f66bd84456896184128db866b8a1fb305e11520549e54595faec9

  • SSDEEP

    98304:dR4XRwKR3oKDkPd4nPExkE7ttAkHA/ZN0Ri/PzGbdk4KPGIJJvGl8pI+XFwWgX4e:gXLGpSJ85qmufbZnVsY746Ax761PZaV

Score
10/10
xmrigminer

Malware Config

Signatures

  • Xmrig family
    xmrig
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 14 IoCs
    miner
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-20_14f5051ecc9450a95e52a1cec038cc9f_polyvice.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-20_14f5051ecc9450a95e52a1cec038cc9f_polyvice.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1608-0-0x000001D095E20000-0x000001D095E40000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1608-1-0x000001D097950000-0x000001D097954000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1608-2-0x000001D097950000-0x000001D097954000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1608-3-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-4-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-5-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-6-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-7-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-8-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-10-0x000001D0979D0000-0x000001D0979D4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1608-9-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-11-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-12-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-13-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-14-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-15-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-16-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download

  • memory/1608-17-0x00007FF62DE90000-0x00007FF62E9BC000-memory.dmp

    Filesize

    11.2MB

    Download